Open Krustak opened 1 month ago
OpenVPN (like a lot of other services) doesn't instantly reload CRLs; restart the affected service and you should be fine.
Is it possible to add "Restart OpenVPN service" to CRON commands? It seems it's not there like, for example, the IPsec service and WireGuard service.
thank you
PS: I have restarted the OpenVPN services (all) and I can still connect with a revoked certificate.
Hello, correction: it started working once I rebooted the whole machine. So I created a cron job to reboot OPNsense at night to apply all CRLs.
Describe the bug
Hello,
I'm using OpenVPN on OPNsense in a configuration that doesn't need a user name or password, so I'm only validating users by certificate created by my OPNsense CA. I have a CRL and I have it configured in the OpenVPN server as the Certificate Revocation List. When I edit the CRL and add any of my certificates, I can still connect using the ovpn file with the revoked certificate.
thank you
Expected behavior
Once a certificate is revoked, OpenVPN should not allow a connection with it.
Environment
Software version used and hardware type if relevant, e.g.:
OPNsense 24.7.5_3 (amd64).
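
One way to confirm that a revoked certificate's serial is actually present in a given CRL file before looking at service reloads, as an added example that is not part of the original issue or of OPNsense. It assumes the `openssl` CLI is installed; the function names and the sample CRL text are constructed for illustration, and the file paths are whatever the caller passes in.

```shell
#!/bin/sh
# Added example: is a certificate's serial listed in a CRL file?
# Usage: sh check_crl.sh client-cert.pem crl.pem   (paths are the caller's)

# Normalise a hex serial: drop "serial=" and colons, strip leading zeros, uppercase.
norm_serial() {
    printf '%s\n' "$1" | sed -e 's/^serial=//' -e 's/://g' -e 's/^0*//' | tr 'a-f' 'A-F'
}

# Read `openssl crl -noout -text` output on stdin; exit 0 if serial $1 is listed.
crl_text_lists_serial() {
    awk -v want="$(norm_serial "$1")" '
        /^ *Serial Number:/ { s = toupper($3); sub(/^0+/, "", s); if (s == want) found = 1 }
        END { exit !found }'
}

# Constructed sample of `openssl crl -noout -text` output (not from the issue).
sample_crl_text() {
    cat <<'EOF'
Certificate Revocation List (CRL):
        Version 2 (0x1)
        Issuer: CN = Example VPN CA
        Last Update: Oct  1 08:00:00 2024 GMT
        Next Update: Oct 31 08:00:00 2024 GMT
Revoked Certificates:
    Serial Number: 02
        Revocation Date: Oct  1 07:55:00 2024 GMT
    Serial Number: 0A1F
        Revocation Date: Oct  1 07:56:00 2024 GMT
EOF
}

# Compare a PEM certificate with a PEM CRL and print the CRL's validity window.
check_revoked() {
    serial=$(openssl x509 -in "$1" -noout -serial) || return 2
    openssl crl -in "$2" -noout -lastupdate -nextupdate || return 2
    if openssl crl -in "$2" -noout -text | crl_text_lists_serial "$serial"; then
        echo "REVOKED: serial $(norm_serial "$serial") is listed in $2"
    else
        echo "NOT LISTED: serial $(norm_serial "$serial") is absent from $2"
        return 1
    fi
}

if [ "$#" -eq 2 ]; then
    check_revoked "$1" "$2"
else
    # No arguments: run against the constructed sample above.
    for s in serial=02 0a1f 03; do
        if sample_crl_text | crl_text_lists_serial "$s"; then echo "$s: listed"
        else echo "$s: not listed"; fi
    done
fi
```

If the serial is listed and the CRL's last-update time is after the revocation, the CRL file itself is correct and the remaining question is when the running service picks it up.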